IT security: The trends to watch in 2009

Managed services, mobile provision and distributed security all feature on 2009's security radar

In the arms race between security specialists and threats, it's hard enough keeping up with advisories, warnings of potential problems and new philosophies of safe IT, let alone mixing in the rapidly changing technological and economic implications of the connected environment.

The continuing economic downturn could lead to more instances of cybercrime, with a corresponding tightening of security budgets. That was the gloomy prognosis of security experts at a recent CSO interchange event, where chief security officers met to swap war stories and ideas. Cloud computing and the outsourcing of business IT processes are hot topics at the moment, as is virtualisation, due to the apparent cost-savings.

Andy Buss, senior analyst at Canalys, believes the current trend towards cloud computing and security software-as-a-service (SaaS) is likely to continue. "Cloud computing is starting to establish itself as viable. There are possibilities in security as a managed service," he says. "In-the-cloud firewalls and services allowing mobile workers to access cloud-based applications [are also likely]."

Buss expects to see more security applications being delivered virtually over SSL-encrypted VPNs (virtual private networks) next year. This would not be a move to using thin clients, says Buss, but the use of virtualised applications to cut the costs of data replication.

People need to work out how they will link these virtual applications, provided by different vendors, into a common security network, he says. "We need services where everything you do follows company policy, to get more corporate control. Say you have Salesforce, hosted CRM from SAP, plus hosted email services — how do you protect all of those while providing mobile access?"

Buss also sees the use of managed email services increasing next year. Symantec's acquisition of MessageLabs in 2008, with Cisco buying IronPort and Google scooping up Postini in 2007, means more choice for enterprises thinking of countering email-borne threats through web services.

"There have been new technologies launched in web-threat security, while there are more and more interactions with the web," says Buss. "Companies need to be able to classify where emails are coming from — that could be by using web reputation or IP reputation."

Buss believes using web services to pre-clean files and applications could allow companies to get more performance out of their existing backend systems. He expects networking security also to be increasingly important to businesses in the coming year.

"As we see a move towards higher bandwidth usage, we'll need more distributed security in the network," he explains. "People want to embed security in the router, as close to the metal as they can."